good job!
with cryptsetup the new patches are running fine
thank you to everyone!
to Guilhem Moulin: I made a little patch because the socket permissions
seem to be wrong when --chuid is specified
ciao :)
From 67d080cc7c195f1a34cb6a0dc7ac7a5d9dbad28d Mon Sep 17 00:00:00 2001
From: Trek <tre...@inbox.ru>
Date: Tue, 16 Oct 2018 21:45:42 +0200
Subject: [PATCH] Set the proper permissions to s-s-d notify socket and
directory
If the --chuid parameter is specified, the notify socket is not
accessible by the client, because mkdtemp() creates a directory owned
by root with 0700 permission. Moreover fchown() on a socket does not
have effects, because a socket doesn't have an associated inode.
Change the directory owner to runas_uid and use chown() instead of
fchown() to change the socket owner. Drop unneeded fchmod().
---
utils/start-stop-daemon.c | 14 ++++++--------
1 file changed, 6 insertions(+), 8 deletions(-)
diff --git a/utils/start-stop-daemon.c b/utils/start-stop-daemon.c
index 476b31b..5f14931 100644
--- a/utils/start-stop-daemon.c
+++ b/utils/start-stop-daemon.c
@@ -548,6 +548,9 @@ setup_socket_name(const char *suffix)
atexit(cleanup_socket_dir);
+ if (chown(notify_sockdir, runas_uid, runas_gid))
+ fatal("cannot change socket directory ownership");
+
if (asprintf(¬ify_socket, "%s/notify", notify_sockdir) < 0)
fatal("cannot allocate socket name");
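Review bot: the added chown(notify_sockdir, runas_uid, runas_gid) in setup_socket_name() runs unconditionally, while the commit message describes only the --chuid case. The visible lines do not show what runas_uid and runas_gid hold when --chuid is absent, so either guard the call or add a comment saying why it is safe without a guard. The call also hands the directory to the target user before create_notify_socket() has bound and chowned the socket inside it, so consider changing the directory owner last. Including notify_sockdir in the fatal() message would make a failure easier to diagnose.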
@@ -578,7 +581,7 @@ create_notify_socket(void)
if (fcntl(fd, F_SETFD, flags | FD_CLOEXEC) < 0)
fatal("cannot set close-on-exec flag for notification socket");
- sockname = setup_socket_name(".s-s-d-notify");
+ sockname = setup_socket_name("start-stop-daemon");
/* Bind to a socket in a temporary directory, selected based on
* the platform. */
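Review bot: the suffix change from ".s-s-d-notify" to "start-stop-daemon" in create_notify_socket() is not mentioned in the commit message and is not needed for the ownership fix. The new name also drops the leading dot, so the entry is no longer a hidden one. Explain the rename in the commit message or move it to a separate patch.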
@@ -590,12 +593,7 @@ create_notify_socket(void)
if (rc < 0)
fatal("cannot bind to notification socket");
- rc = fchmod(fd, 0660);
- if (rc < 0)
- fatal("cannot change notification socket permissions");
-
- rc = fchown(fd, runas_uid, runas_gid);
- if (rc < 0)
+ if (chown(su.sun_path, runas_uid, runas_gid))
fatal("cannot change notification socket ownership");
// XXX: verify we are talking to an expected child?? not sure whether
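Review bot: chown(su.sun_path, runas_uid, runas_gid) resolves the path a second time after bind(), and chown() follows symbolic links, while the directory from setup_socket_name() already belongs to runas_uid at this point, so root is changing ownership by name inside a directory it no longer controls. Use lchown() or fchownat() with AT_SYMLINK_NOFOLLOW here, or change the directory owner only after the socket owner has been set. With fchmod(fd, 0660) removed, the socket mode now depends on the umask in effect at bind(); state the intended mode in the commit message or set it explicitly. The new condition also drops the "rc < 0" form used by the surrounding checks.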
@@ -1446,7 +1444,7 @@ parse_options(int argc, char * const *argv)
badusage("--remove-pidfile requires --pidfile");
if (pid_str && pidfile)
- badusage("need either --pid of --pidfile, not both");
+ badusage("need either --pid or --pidfile, not both");
if (background && action != ACTION_START)
badusage("--background is only relevant with --start");
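Review bot: the "of" to "or" correction in the badusage() message in parse_options() is right but unrelated to socket permissions. Send it as a separate patch so the ownership change can be reviewed and reverted on its own.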
--
2.1.4